
Law Firm Case Study: 50% TPRM workload reduction with custom vendor risk assessments

Published by Sabrina Pagnotta on September 29, 2021

Business law firms handle highly sensitive client data, such as trade secrets, mergers and acquisitions deals, non-public stock information, and patent and trademark applications. As they engage third-party vendors for key activities such as accounting, cloud storage or e-discovery, vendors with access to the network can increase the risk of client data exposure.

Third party risk management (TPRM) becomes, then, a crucial component of a robust security approach for the legal services industry.

This case study shows how a scalable, custom vendor risk assessment program, using ThirdPartyTrust, helped an Am Law 200 firm achieve a 50% TPRM workload reduction to better understand and monitor risk across its supply chain.


Oftentimes a firm ends up in the headlines not because it was attacked, but because a third party vendor was breached and exposed data from the firm and its clients. Attorneys need to prove that they’ll go the extra mile to protect client data, and that includes conducting thorough vendor risk assessments.

Below is a recap of our conversation with the firm’s Applications & Security Specialist, who is in charge of assessing, controlling and monitoring risk across the vendor ecosystem of the law firm.

Q: Why does a law firm need to perform vendor risk assessments?

Our clients would always perform assessments on us to decide if they could trust us with their data. At some point, they started asking about what type of assessments we do on our own vendors, and it became clear that we needed to formalize a vendor risk assessment process.

At first we would do a somewhat basic vetting of vendors that were accessing our computer network, based on the SANS Top 20 critical security control questionnaire (CIS Controls). But we didn’t deep dive into what their security processes were: Do they have a penetration test? Do they have cyber insurance?

Data is our crown jewels and our business is about building trust. If any of that data gets lost or compromised in any way, it would affect our reputation, but also other firms and their clients. A data breach can expose who’s working with who and have devastating effects.

Q: How did you decide that ThirdPartyTrust was the right tool? 

I noticed that instead of using spreadsheets, the trend was to use dedicated tools to centralize and automate the vendor risk assessment process. 

After some demos, it was clear that ThirdPartyTrust would make it very easy for us to conduct risk assessments and have an overview of our vendor assessment lifecycle. It’s simple to use and it centralizes all of our vendor data in one spot instead of sitting in different silos.

Another interesting side of it is that you can even share your own data as a vendor if you are being evaluated. Instead of having to fill out 20 different spreadsheets, we could share our security profile and data from the platform to any of our clients. (Learn how to build your own security profile with Beacon by ThirdPartyTrust.)

Q: How did this new risk assessment workflow help you achieve a TPRM workload reduction?

We created our own simple questionnaire with help from the ThirdPartyTrust team, to give us a basic understanding of what our engagement is with a particular third party vendor and monitor risk across the supply chain.

The tool has made the vendor risk assessment process a lot easier and streamlined, and we achieved a 50% workload reduction. With our current process, we invite vendors to the ThirdPartyTrust platform to complete our requirements, and we have a 95% acceptance rate.


Before, some vendors would send their own spreadsheet with common answers to security questions, but they were never specific to our engagement. Now, we have built custom requirements according to our labels. Our vendor categorization goes from tier 1 to tier 4; since the first one has the highest access to critical client data, it has the most requirements.

The visual layout of the tool is very friendly and I use color labels to get a glance of vendors by different criteria, such as:

  • Vendors with access to PHI and PII
  • Departments that the vendor works for internally at the firm
  • Vendor’s main point of contact
  • Vendor’s impact rating

Q: Why would you recommend ThirdPartyTrust to other law firms?

We’d recommend ThirdPartyTrust because it’s simple to use, it makes it visually easy to see where things are in the process of assessing a vendor, and it centralizes all of our vendor data in one risk dashboard.

In addition to the overall TPRM workload reduction, the findings are a very useful feature. When I have questions or requests for additional information from a vendor I can ask within the platform and keep everything in one place for future reference, instead of opening a new email thread that might get lost.

ThirdPartyTrust has helped us simplify our vendor assessment process and it allows us to compare our different vendors with their impact and risk to our law firm. In a business that’s based on building trust, we need to show that we’ll take care of client data. Having a robust TPRM program in place actually helps us attract new customers.
